What is a Zero-Day Exploit?

Zero-day exploit: an advanced cyber attack defined

A zero-day vulnerability, at its core, is a flaw. It is an unknown
exploit in the wild that exposes a vulnerability in software or
hardware and can create complicated problems well before anyone
realizes something is wrong. In fact, a zero-day exploit leaves NO
opportunity for detection ... at first.

Vulnerability timeline

A zero-day attack happens once that flaw, or software/hardware
vulnerability, is exploited and attackers release malware before a
developer has an opportunity to create a patch to fix the
vulnerability—hence “zero-day.” Let’s break down the steps of the
window of vulnerability:

A company’s developers create software,
but unbeknownst to them it contains a vulnerability.

The
threat actor spots that vulnerability either before the developer
does or acts on it before the developer has a chance to fix it.

The attacker writes and implements exploit code while the
vulnerability is still open and available

After releasing
the exploit, either the public recognizes it in the form of identity
or information theft or the developer catches it and creates a patch
to staunch the cyber-bleeding.

Once a patch is written and used, the exploit is no longer called a
zero-day exploit. These attacks are rarely discovered right away. In
fact, it often takes not just days but months and sometimes years
before a developer learns of the vulnerability that led to an attack.

Anatomy of an attack - Zero-day

An explanation of zero-day vulnerabilities, how cyber attacks target them, and what you can do to protect your business. (video - 4:05 min)